How to fix CVE-2025-48172?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Integer Overflow affected by CVE-2025-48172?

CVE-2025-48172 presents moderate security risk, a integer overflow vulnerability rated CVSS 5.6. Exploitation could cause memory corruption or application crashes. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-48172

EUVD-2025-20018 MEDIUM

2025-07-04 [email protected]

5.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 16, 2026 - 02:42 euvd

EUVD-2025-20018

Analysis Generated

Mar 16, 2026 - 02:42 vuln.today

CVE Published

Jul 04, 2025 - 13:15 nvd

MEDIUM 5.6

Description

CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chm_lib.c _chm_decompress_block integer overflow. There is a resultant heap-based buffer overflow in _chm_fetch_bytes.

Analysis

CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chm_lib.c _chm_decompress_block integer overflow. There is a resultant heap-based buffer overflow in _chm_fetch_bytes.

Technical Context

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).

Affected Products

Affected: SumatraPDF and other products

Remediation

Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +28

POC: 0

Vendor Status

Ubuntu

Priority: Medium

chmlib

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	needs-triage	-
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

chmlib

Release	Status	Fixed Version	Urgency
bullseye	fixed	2:0.40a-7	-
bookworm	fixed	2:0.40a-8	-
trixie	fixed	2:0.40a-8.1	-
forky, sid	fixed	2:0.40a-9	-
(unstable)	not-affected	-	-

CVE-2025-48172 vulnerability details – vuln.today

Back

CVE-2025-48172

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-48172

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code